| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LNX.2.00.1309191030180.3014@linux.site> Date: Thu, 19 Sep 2013 10:47:11 +0200 (CEST) From: Torsten Duwe <duwe@....de> To: "H. Peter Anvin" <hpa@...or.com> cc: Torsten Duwe <duwe@....de>, tytso@....edu, ingo.tuchscherer@...ibm.com, linux-kernel@...r.kernel.org, Hans-Georg Markgraf <MGRF@...ibm.com>, Gerald Schaefer <gerald.schaefer@...ibm.com>, Martin Schwidefsky <schwidefsky@...ibm.com>, Heiko Carstens <heiko.carstens@...ibm.com>, Joe Perches <joe@...ches.com> Subject: Re: [Resend PATCH 2/2] s390: provide hardware randomness from zcrypt card to /dev/random On Thu, 12 Sep 2013, H. Peter Anvin wrote: > From what I can gather from the patch this is too heavyweight (need > locks and so on) to use as arch_get_random*(). There has been a lot of Alas, I can see there's only x86 that currently has this implemented? > discussion about the pros and cons of allowing the kernel to bypass > rngd, but I would think that any such plumbing -- once it gets past the > fully synchronous low latency properties of arch_get_random*() -- really > should be implemented as an option in the existing hwrng device > infrastructure. As I wrote in the intro, the problem to solve is slow startup when ASLR is in effect; in that case: until rngd or haveged is finally running. > In other words, start by implementing a hwrng device. That will work > right now with rngd running. Then we can consider if we want to allow That's already there, thanks to the IBM guys :) > bypass of rngd for certain hwrng devices -- which may include zcrypt, > virtio_rng and so on. I'm currently thinking about some kind of buffer in zcrypt, where arch_get_random can get a long or int quickly, as "designed" after x86. Device init or low water would trigger a work item to refill the buffer. It might tun out though, that every device on every architecture that does not quite match the x86 approach implements its own buffer. What do you think? Besides that, as you wrote, a generic mechanism to mix hwrngs into the input pool would be nice, triggered by user space policy. As far as I can see, some mixing of arch_get_random is done, but no entropy credited? Torsten -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists